Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

DNSdist — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in DNSdist, with AI-generated Chinese analysis, references, and POCs.

Vendor: Open-Xchange

CVE IDTitleCVSSSeverityPublished
CVE-2026-33593 Denial of service via crafted DNSCrypt query 7.5 High2026-04-22
CVE-2026-33594 Outgoing DoH excessive memory allocation 5.3 Medium2026-04-22
CVE-2026-33595 DoQ/DoH3 excessive memory allocation 5.3 Medium2026-04-22
CVE-2026-33597 PRSD detection denial of service 3.7 Low2026-04-22
CVE-2026-33596 TCP backend stream ID overflow 3.1 Low2026-04-22
CVE-2026-33598 Out-of-bounds read in cache inspection via Lua 4.8 Medium2026-04-22
CVE-2026-33599 Out-of-bounds read in service discovery 3.1 Low2026-04-22
CVE-2026-33602 Off-by-one access when processing crafted UDP responses 6.5 Medium2026-04-22
CVE-2026-33254 Resource exhaustion via DoQ/DoH3 connections 5.3 Medium2026-04-22
CVE-2026-27854 Use after free when parsing EDNS options in Lua 4.8 Medium2026-03-31
CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets 5.9 Medium2026-03-31
CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3 5.3 Medium2026-03-31
CVE-2026-24029 DNS over HTTPS ACL bypass 6.5 Medium2026-03-31
CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua 5.3 Medium2026-03-31
CVE-2026-0397 Information disclosure via CORS misconfiguration 3.1 Low2026-03-31
CVE-2026-0396 HTML injection in the web dashboard 3.1 Low2026-03-31
CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist CWE-835 3.7 Low2025-09-18
CVE-2025-30193 Denial of service via crafted TCP exchange CWE-674 7.5 High2025-05-20
CVE-2025-30194 Denial of service via crafted DoH exchange CWE-416 7.5 High2025-04-29
CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist CWE-20 7.5 High2024-05-13
CVE-2018-14663 PowerDNS DNSDist 安全漏洞 CWE-20--2018-11-26
CVE-2016-7069 dnsdist 安全漏洞 CWE-20 7.5 -2018-09-11
CVE-2017-7557 dnsdist 安全漏洞 CWE-287 8.8 -2017-08-22

All 23 known CVE vulnerabilities affecting DNSdist with full Chinese analysis, references, and POCs where available.